Medical Records Privacy: Fears and Expectations of Patients

The title of this talk is "Medical Records Privacy: Fears and Expectations of Patients". So you can get an understanding of my point of view, I want to start out by talking about our project, the Privacy Rights Clearinghouse, and then make several points about the topic.

First some background on us: The PRC is a consumer education program, administered by the University of San Diego Center for Public Interest Law. We are grant funded, primarily by money from the California Public Utilities Commission. We have been in operation for 3 1/2 years now, since 1992.

We operate a toll free hotline available to Californians. Consumers call, ask questions and make complaints. We do not have legal authority, but, rather, give people information they can use to help them solve their problem. The Clearinghouse is the only program of its kind in the country.

We get about 10,000 calls a year, and so far have received over 35,000 calls total. We have developed a set of publications, 19 in all, which cover a broad range of informational privacy issues -- from junk mail and credit reports to employment privacy, telephone privacy, privacy in cyberspace and medical records confidentiality. You can see the list on the backside of one of the handouts. We are also on the Web, and our address is on the back of the handout.

What have we learned from the thousands of consumers who have called us?

First, consumers lack understanding of the dynamics of personal information gathering. They have a vague nagging sense that information is "out there" about them -- but not necessarily how it got there and what can be done with it. They know, for example, that technology plays a part in gathering, storing and disseminating personal information, but not the particulars.

Second, consumers are frustrated by the lack of control they have over the use of their personal information. "Junk mail" is among the top five topics of complaint year after year. I consider such topics as workplace monitoring and medical records privacy as far more serious than junk mail. Yet, the "I hate junk mail" calls outnumber these other topics by far.

I see this as a symbolic issue. Most people like certain kinds of junk mail, perhaps their catalogs. But what they hate is the lack of control they have over what enters their mail box each day.

Third observation: There is a great deal of misunderstanding about existing privacy protection laws and regulations. Most consumers think there are far more privacy laws and regulations than actually exist.

Fourth: Many of the worst cases of privacy abuse we have heard on the hotline are the result of errors, carelessness and poor judgement by those who handle personal information. And some are the result of inadequate security in the handling of personal information.

Let me give you some examples of the kinds of medical privacy-related stories we have heard from people who call the hotline.

Case 1. Laura had trouble getting several types of insurance -- health and disability insurance, as well as liability insurance for her office. She is a psychiatrist in private practice. When she ordered a copy of her medical record from the insurance company's centralized database, the Medical Information Bureau, she found out that she had been coded incorrectly as having both Alzheimer's disease and a heart condition.

Case 2. Martin once off-handedly remarked to his doctor that he had occasionally smoked pot twenty years ago. Apparently the doctor noted that in his medical record, because it got included in his record in the Medical Information Bureau data base. He was refused an increase in his life insurance coverage. Other erroneous information also had been entered into his report -- that he drank too much and that he smoked cigarettes.

Case 3. Bill went to the hospital for treatment for prostate cancer. Four weeks later he got a mail solicitation for a prostate medication. Bill believes the hospital released the information but wasn't able to determine that for sure.

Case 4. Martha is married to an undercover police officer. They both take extra care to safeguard their home address because of the threat of suspects learning her husband's true identity and finding out where they live. When Martha went to the hospital to have their first child, she insisted that the hospital not release her home address to anyone. Three days after she returned home with her newborn, she began receiving mail solicitations for baby-related products at her home address. The hospital had not honored her request.

Case 5. Mary donated plasma at a private facility. She was told at her initial visit that the information she provided would be held in strictest confidence. The next time she came to the center, she noticed a bulletin board in the waiting room area. On it was a list of plasma donors, with her first and last name included.

Case 6 [This final example doesn't have to do with medical records but illustrates a point I want to make.] Joe went car shopping and visited several auto dealerships. Shortly thereafter he discovered that an imposter, using his name, was making purchases using his credit card information. It turns out that one of the car dealers he had visited failed to shred its loan applications before tossing them in the dumpster. A 'dumpster diver' obtained the incredibly detailed information from one of the applications which had been tossed and made thousands of dollars worth of purchases. Two years have passed since this occurred, and the imposter is still making fraudulent purchases using Joe's name.

In each of these cases, the individuals were harmed or perceived the potential for harm from misuse of information they provided to others. Experiences like these obviously lead to distrust. And it's the notion of trust I want to focus on today.

These stories are backed up by a considerable body of public opinion poll data showing high levels of mistrust among Americans regarding uses of their personal information. Here are a few key statistics from a recent Louis Harris Poll.

In 1995, 82% of those polled, or 4 out of 5, said they are somewhat or very concerned about threats to their personal privacy. This is up from 64% in 1978.

One in four say they have been a victim of improper invasion of privacy. (Remember the stories from the hotline I relayed a few moments ago.)

Nearly 6 in 10 say they have at some point "refused to give information to a business or company because they thought it was not really needed or was too personal." Just 5 years ago this figure was significantly lower -- 4 in 10 refused to provide information when asked.

In 1995, 80% say that "technology has almost gotten out of control."

Where does all this concern stem from? The privacy scholar Alan Westin, who analyzes the survey results each year, says these privacy attitudes are fueled by two things -- a high level of distrust in institutions and fear of technology abuse.

There are several ways in which automated systems could lead to privacy abuses.

The first is improper use by a system operator - and, I would add, by anyone else who has access to electronic records. Such unauthorized access might be by "insiders," snooping for pay, snooping for pleasure, or snooping for vengeance. There is the recent example of the teenage daughter of healthcare worker who gained access to her mother's computer, found lists of patients and phoned them to tell them they had tested positive for AIDS.

A second type of privacy abuse is breaches of confidentiality to a third party. We have plenty of examples on this type of abuse -- from our hotline and from media reports -- for example, Congresswoman Nydia Velasquez, whose psychiatric hospital records of an attempted suicide were released to the media during her campaign for election.

A third category of privacy abuse is just plain carelessness, which I relayed in some of the anecdotes from our hotline. We got a call last week from a woman who called to report that she received a printout of someone else's Blue Cross billing record along with her own.

I want to expand on the notion of carelessness for just a moment, because it is one of the most common ways we have observed in which privacy is being abused.

We do not have in this country, infused throughout society and throughout our workplaces a "culture of confidentiality." We are careless with information. You would rarely find accountants, or anyone responsible for handling money for that manner, with currency and checks scattered about their desks and offices like so many leaves on a lawn in the fall. But you can walk into just about any office and see information treated in this cavalier a manner.

A fourth type of privacy abuse is secondary uses of medical information by unrelated third parties. Examples are marketing, law enforcement, and government surveillance. With the development of robust electronic systems for medical records data, there will be pressures for data to be used for "fishing trips." Here's an example of such a use: law enforcement demanding a list of everyone who uses X medication, lives in Y county, is male, Caucasian and over 200 pounds -- for an investigation of a terrorist incident.

A fifth potential for abuse is the ease of merging medical data with other computerized records, creating comprehensive electronic dossiers with Orwellian possibilities for ubiquitous monitoring and fishing expeditions.

And sixth, with the comprehensive computerization of medical records, a result is very likely to be the commodification of those records. Those data will have value on the marketplace and may end up being sought as much for their economic value as their benefit in keeping us healthy.

What does this mean for the establishment of electronic patient records?

I'm a firm believer the sins of our present-day practices will be visited upon any computer-based systems that are developed, unless extraordinary measures are taken, not only in system development, but even more important, in the human side of the equation. This means extensive and repeated training of employees as well as instituting meaningful sanctions for abuse.

Consumers will need considerable education about the benefits and safeguards of computerized records systems before they will be willing to trust in their use.

Let me give just one more statistic from the 1995 Louis Harris Poll to make a point. Nearly 100% of those surveyed said they see benefits from computerized medical records. At the same time, 74% expressed concern about the potential negative effects of a computer based system. But when presented with examples of privacy safeguards that could be taken in an automated system, three-fourths of those said they would be willing to have their records computerized.

Consumers will have to have demonstrated to them that their records are safe from secondary disclosures to third parties, including uses for government surveillance. They have learned of too many instances of sensitive personal information getting into the wrong hands.

Finally, it is going to be difficult to instill a high level of trust in American consumers until there is adequate protection in law regarding the confidentiality of medical records. Obviously, the vast benefits projected for electronic records systems are not going to be forthcoming if patients are not willing to divulge key pieces of information about their physical and mental health -- or if they seek medical care outside of the institutions which use the electronic systems.

We have plenty of anecdotal data today showing that individuals are indeed withholding information from caregivers because of fear of harm to them. It seems pointless to me to develop a comprehensive computerized patient record system without also ensuring that their data are given protection by law.